Lucene search

K
cvelistMozillaCVELIST:CVE-2018-12398
HistoryFeb 28, 2019 - 6:00 p.m.

CVE-2018-12398

2019-02-2818:00:00
mozilla
www.cve.org

7.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "63",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

7.1 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%